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(54) Image forming apparatus and use control method 



(57) An image forming apparatus is provided, in 
which a plurality of applications can be installed in the 
image forming apparatus : the image forming apparatus 
includes: a use control part for receiving one or more 



authentication results from one or more authentication 
parts, and controlling use restriction for one or more ap- 
plications according to the received one or more authen- 
tication results. 
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Description 

[0001] The present invention relates to an image 
forming apparatus that provides user services relating 
to image forming processes such as copying, printing, 
scanning, facsimile and the like. More particularly, the 
presenl invention relates lo an image forming apparatus 
that can manages a plurality of authentication/billing ap- 
paratuses and a plurality of authentication/billing appli- 
cations. 

[0002] Recently, an imago forming apparatus (to bo 
referred to as a compound machine hereinafter) that in- 
cludes functions of a printer, a copier, a facsimile, a 
scanner and the like in a cabinet is generally known. The 
compound machine includes a display part, a printing 
part and an image pickup part and the like in a cabinet, 
in the compound machine, three pieces of software cor- 
responding to the printer, copier and facsimile respec- 
tively are provided, so that the compound machine func- 
tions as the printer, the copier, the scanner and the fac- 
simile respectively by switching the software. 
[0003] Since the conventional compound machine is 
provided with each software for the printer, the copier, 
the scanner and the facsimile individually, much time is 
required for developing the software. Therefore, the ap- 
plicant has developed an image forming apparatus 
(compound machine) including hardware resources, a 
plurality of applications, and a platform including various 
control services provided between the applications and 
the hardware resources. The hardware resources in- 
clude a display part, a printing part and an image pickup 
part, and are used for image forming processes. The 
applications perform processes intrinsic for user servic- 
es of printer, copier and facsimile and the like. The plat- 
form includes various control services performing man- 
agement of hardware resources necessary for at least 
two applications commonly, performing execution con- 
trol of the applications, and image forming processes, 
when a user service is executed. 

[0004] According to such a compound machine, for 
strengthening security, when the user uses the com- 
pound machine, user authentication is performed by us- 
ing a user ID and a password so as to restrict use of the 
compound machine by an invalid user or to restrict use 
of the compound machine on the basis of billing infor- 
mation of the user. According to the compound machine 
including the authentication capability and the billing ca- 
pability, generally, user IDs and passwords are man- 
aged by an authentication database in a storage of the 
compound machine, and : user IDs and billing informa- 
tion are managed by a billing database in the storage of 
the compound machine. Recently, compound machines 
are used in an environment in which a plurality of com- 
pound machines are connected via a network such as 
a LAN (Local Area Network) and/or the Internet and the 
compound machines are used from a computer such as 
a PC or a work station. Therefore, it is necessary to pro- 
vide the authentication database and the billing data- 



base for each compound machine connected to the net- 
work, and it is necessary to manage the user IDs and 
the passwords in each compound machine. 
[0005] However, for managing the authentication in- 

5 formation and the billing information such as the user 
IDs and the passwords in the authentication database 
and Lhe billing database in the compound machine, it is 
necessary to manage the authentication database and 
the billing database separately for each compound ma- 

10 chine. Thus, there is a problem in that management of 
authentication information and billing information be- 
comes complicated. 

[0006] That is, since permitted users my be different 
for each compound machine, it is necessary to deter- 

15 mine which compound machine is usable by a user 
when information specific to the user is to be updated. 
Thus, when many compound machines are connected 
on a network, work load for managing the authentication 
information and the billing information increases. 

20 [0007] In addition, when authentication information 
and billing information for one user is changed, it is nec- 
essary to update the authentication database and the 
billing information for all of the compound machines on 
the network. Thus, if system managers are different for 

25 each compound machine, the work load for mainte- 
nance of the authentication information and the billing 
information becomes large. 

[0008] In addition, even when update of the authenti- 
cation database is restricted to a system manager of the 
30 compound machine, it is easy to tamper the authentica- 
tion database or the billing database, by disguising as 
the system manager. That is, improving security is a 
problem. 

[0009] There are a plurality of methods for authenti- 
35 cation and billing, and there is a possibility thai a plurality 
of authentication/billing systems are used in a com- 
pound machine. However, there has been no technolo- 
gy for managing the plurality of authentication/billing 
systems in the compound machine, and for using the 
40 plurality of authentication/billing systems for restricting 
use of one or more applications. 

[001 0] An object of the present invention is to provide 
an image forming apparatus that can use a plurality of 
authentication/billing systems for a plurality of applica- 

45 tions, in which the plurality of authentication/billing sys- 
tems may include an authentication/billing system using 
an external server that manages user information such 
as authentication information and billing information. 
[0011] The above-object is achieved by an image 

50 forming apparatus in which a plurality of applications 
can be installed, the image forming apparatus including: 

a use control partfor receiving one or more authen- 
tication results from one or more authentication 
55 parts, and controlling use restriction for one or more 
applications according to the received one or more 
authentication results. 
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[0012] According to the present invention, one or 
more authentication part can be applied to one or more 
applications 

[0013] The use control part refers to information indi- 
cating one or more authentication parts that correspond 
lo an application, causes Ihe one or more authentication 
parls lo perform aulhenlicalion process when Ihe appli- 
cation is used, and sends an authentication result to the 
application. 

[0014] Accordingly, authentication by one or more au- 
thentication parts can bo performed for one application. 
[0015] In addition, the use control part may refer to 
information indicating one or more applications that cor- 
respond to an authentication part, and sends an authen- 
tication result of the authentication part to an application 
in the one or more applications when the application is 
used. Therefore, for use of one or more applications, a 
predetermined authentication part can be used. 
[0016] In the image forming apparatus, the use con- 
trol part may include a part for controlling use restriction 
for a function of the application. Therefore, use restric- 
tion can be controlled for each function of an application. 
[0017] In the image forming apparatus, the use con- 
trol part may send an authentication resul indicating suc- 
cess of authentication to the one or more applications 
only when authentication by all of the one or more au- 
thentication parts succeeds. 

[0018] Also, the use restriction part may send an au- 
thentication result indicating success of authentication 
to the one or more applications when authentication by 
at least one authentication part in the one or more au- 
thentication parts succeeds. 

[0019] Thus, relationship between the one or more 
authentication parts can be determined. Therefore, 
proper aulhenlicalion can be performed according lo 
properties of applications. 

[0020] In the image forming apparatus, each of the 
one or more authentication part may be an application 
or an apparatus connected to the image forming appa- 
ratus. Therefore, as an authentication part, not only a 
new authentication application but also a conventional 
externally connected apparatuses can be used. 
[0021] In the image forming apparatus, the authenti- 
cation part may performs authentication by using user 
authentication information input by a user and user au- 
thentication information registered beforehand. The au- 
thentication part also may perform authentication by us- 
ing billing information input by a user and available bill- 
ing information registered beforehand. 
[0022] The image forming apparatus may further in- 
cludes hardware resources used for image forming 
processes, and control services that perform processes 
of the system side including control of the hardware re- 
sources, wherein the image forming apparatus is con- 
figured so as to be able to install a plurality of applica- 
tions separately from the control services, and the im- 
age forming apparatus includes the use control part as 
a control service. 



[0023] The above-object is also achieved by an image 
forming apparatus in which a plurality of applications 
can be installed, the image forming apparatus including: 

5 a display part for displaying a screen, on an opera- 

tion panel of Ihe image forming apparatus, for se- 
lecting one or more applications for an authentica- 
tion part, in which user authentication by the au- 
thentication part is applied to use of the one or more 

10 applications; and 

a use control part for receiving an authentication re- 
sult from the authentication part, and controlling use 
restriction for the one or more applications accord- 
ing to the authentication result. 

15 

[0024] According to the present invention, one or 
more applications can be selected for an authentication 
part, so that authentication of the authentication part can 
be applied to the selected one or more applications. 

20 [0025] In the image forming apparatus, information in- 
put from the screen may be stored in the image forming 
apparatus as information indicating the one or more ap- 
plications corresponding to the authentication part. 
Thus, the use control part can perform control according 

25 to the stored information. 

[0026] In the image forming apparatus, the display 
part displays a screen for selecting one or more func- 
tions of an application to which user authentication by 
the authentication part is applied. 

30 [0027] The above-object can be also achieved by an 
image forming apparatus in which a plurality of applica- 
tions can be installed, the image forming apparatus in- 
cluding: 

35 a display part for displaying a screen, on an opera- 
tion panel of the image forming apparatus, for se- 
lecting one or more authentication parts for an ap- 
plication, in which user authentication by the one or 
more authentication parts can be applied to use of 
^0 the application; and 

a use control partfor receiving one or more authen- 
tication results from the one or more authentication 
parts, and controlling use restriction forthe applica- 
tion according to the one or more authentication re- 
45 suits. 

[0028] According to the present invention, one or 
more authentication parts can be selected for an appli- 
cation, so that authentication of the one or more authen- 

50 tication parts can be applied to the application. 

[0029] The information input from the screen may be 
stored in the image forming apparatus as information 
indicating the one or more authentication parts corre- 
sponding to the application. 

55 [0030] In the image forming apparatus, the display 
part may display a screen for setting relationship among 
the one or more authentication parts. Also, the display 
part may display a screen for setting information indicat- 
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irig that user authentication for use of the application 
succeeds only if authentication by all of the one or more 
authentication parts succeeds. In addition, the display 
part may display a screen for setting information indicat- 
ing that user authentication for use of the application 
succeeds if authentication by at least one of the one or 
more authentication parts succeeds. Therefore, proper 
authentication can be performed even when one or 
more authentication parts are used for an application. 
[0031 ] Other objects, features and advantages of the 
present invention will become more apparent from the 
following detailed description when read in conjunction 
with the accompanying drawings, in which: 

Fig.1 shows a main configuration. of the compound 
machine and a network configuration including the 
compound machine according to the first embodi- 
ment of the present invention; 
Fig. 2 is a block diagram of the compound machine 
according to the first embodiment of the present in- 
vention; 

Fig. 3 shows an example of a hardware configura- 
tion of the compound machine; 
Fig.4 shows data flows in the user authentication 
process in the compound machine; 
Fig.5 is a flowchart of the procedure of the user au- 
thentication process; 

Fig.6 shows a user name/password input screen; 
Fig.7 shows the procedure of the entry search re- 
quest process; 

Fig. 8 shows a main configuration of the compound 
machine and a network configuration including the 
compound machine according to the second em- 
bodiment; 

Fig. 9 is a block diagram showing a functional con- 
figuration of the compound machine of the second 
embodiment; 

Fig. 10 shows data flows in the billing process and 
the use restriction process by the compound ma-, 
chine of the second embodiment; 
Fig.1 1 is a flowchart of the procedure of the use re- 
striction process according to the second embodi- 
ment; 

Fig. 1 2 is a figure for explaining the capability of the 

CCS of the third embodiment; 

Fig.1 3 shows a software configuration of the CCS 

according to the third embodiment; 

Fig.1 4 is an example of code in the device interface 

part; 

Fig.1 5 shows a screen in which a list of usable au- 
thentication/billing systems is displayed; 
Fig.1 6 shows a screen for selecting functions of ap- 
plications to which authentication/billing is applied; 
Fig. 17 shows a screen for selecting functions of ap- 
plications to which authentication/billing is applied; 
Fig.1 8 shows an example of stored setting informa- 
tion set by using the screen shown in Figs. 16 and 
17; 



Fig. 1 9 shows an example of a screen for performing 
setting; 

Fig. 20 shows a screen for selecting applications to 
which authentication/billing is performed; 
5 Fig.21 is an example of stored setting information 

by performing selling by using the screen shown in 
Fig.20; 

Fig. 22 shows an example of a screen for performing 
setting; 

10 Fig. 23 shows a screen for selecting authentication/ 

billing systems that is applied to an application. 

[0032] In the following, the image forming apparatus 
and use control method will be described with reference 
15 to figures. 

(First embodiment) 

[0033] Fig.1 shows a main configuration of the image 
20 forming apparatus (to be referred as "compound ma- 
chine" hereinafter) and a network configuration includ- 
ing the compound machine according to the first embod- 
iment. The compound machine 100 of the first embodi- 
ment displays an input screen for inputting a user name 
25 and a password on the operation panel. Then, the com- 
pound machine 100 request an external server on the 
Internet to search for an password corresponding to the 
input user name, and performs user authentication by 
comparing the input password and the password ob- 
30 tained from the outside. Then, the compound machine 
100 can restrict use of the compound machine for an 
invalid user. 

[0034] As shown in Fig.1 , the compound machine 1 00 
of this embodiment is connected to the Internet 170 
35 which connects a LDAP (Lighlweigh Direcliry Access 
Protocol) sever 300. TCP/IP is used for the communi- 
cation protocol between the compound machine 100 
and the LDAP server 300. 

[0035] As the main configuration for realizing the user 
40 authentication method in the compound machine 100, 
as shown in Fig.1, the compound machine 100 mainly 
includes applications such as an authentication applica- 
tion 117 and a copy application, after mentioned control 
services, inetd 141 and httpd 142 that operate as dae- 
45 mons, a network controller 1 03, and an operation panel 
150. 

[0036] The LDAP server 300 is a server for providing 
a directory service according to a X.500 based protocol 
that is simplified for the Internet. In the LDAP server 300, 
so a password, a mail address, and personal information 
are stored for each user name. 

[0037] The authentication application 117 performs 
user authentication process based on the user name 
and the password by using the LDAP server. The au- 
55 thentication application 117 includes a user information 
input process part 151 , an external server communica- 
tion part 152 and an authentication part 153. 
[0038] The user information input processing part 151 
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displays a user name/password input screen on an op- 
eration display part of the operation panel 150 : and re- 
ceives the user name and the password : in which user 
name/password input screen is used for inputting a user 
name (user identifying information) and a password 5 
Buser authentication information) lhal represents valid- 
ity of the user. 

[0039] The external server communication part 152 
sends the user ID that is input from the operation display 
part to the LDAP sever 300. The LDAP server searches 
for a password corresponding to the user name of the 
compound machine 1 00. The external server communi- 
cation part 152 receives the password as the search re- 
sult 

[0040] The authentication part 1 53 determines wheth- 
er the password received from the LDAP sever 300 and 
the password input from the operation panel are the 
same, and sends the determination result to the CCS 
129 by using interprocess communication. 
[0041] The CCS (Certified Control Service) 129 is a 
control service for performing user restriction or billing 
process. According to the compound machine 100 of 
this embodiment, the CCS 129 receives the determina- 
tion result of the user authentication from the authenti- 
cation part 153 of the authentication application 117, 
and, sends information, to the copy application 112, in- 
dicating whether use of the copy application 112 is re- 
stricted for the user. The control services such as the 
OCS 126 and the SCS 122 will be described later. 
[0042] The inetd 141 is a daemon that always moni- 
tors a data receive/send request. When the inetd 141 
detects a connection request for a protocol, the inetd 
141 launches a server program for handling the proto- 
col. The inetd 141 is similar to the inetd of UNIX. In the 
compound machine 100 of the first embodiment, the in- 
etd 1 41 always monitors a port for receiving/sending da- 
ta of http or https protocol. When the inetd 141 detects 
a connection request on the port, the inetd launches ht- 
tpd 142. 

[0043] The httpd 1 42 always monitors the port 80 that 
receives a message sent by the http or https protocol. 
The httpd 142 receives a request message and sends 
a response message on the port 80. The structure of the 
request message and the response message is the 
same as a normal message of the http protocol. Each 
message includes a message body of html format. 
[0044] The network controller 103 is used for data 
communication by the http protocol and the https proto- 
col. 

[0045] Next, the whole functional configuration of the 
compound machine 100 will be described. Fig.2 is a 
block diagram of the compound machine according to 
the first embodiment of the present invention. 
[0046] As shown in Fig.2, the compound machine 1 00 
includes hardware resources and a software group 110. 
The hardware resources include a black and white line 
printer (B&W LP) 101 , a color laser printer (Color LP) 
102, and hardware resources 1 03 such as a scanner, a 



facsimile, a hard disk, memory and a network interface. 
The software group 110 includes a platform 120, appli- 
cations 130. 

[0047] The platform 1 20 includes control services for 
interpreting a process request from an application and 
issuing an acquiring request for hardware resources, a 
system resource manager (SRM) 1 23 Tor managing one 
or more hardware resources and arbitrating the acquir- 
ing requests from the control services, and a general- 
purpose OS 121 . 

[0048] The control services include a plurality of serv- 
ice modules, which are a system control service (SCS) 
122, an engine control service (ECS) 124, a memory 
control service (MCS) 125, an operation panel control 
service (OCS) 126, a fax control service (FCS) 127, a 
network control service (NCS) 128 and a certification 
control service (CCS) 129. In addition, the platform 120 
has application program interfaces (API) that can re- 
ceive process requests from the applications 130 by us- 
ing predetermined functions. 

[0049] The general purpose OS 121 is a general pur- 
pose operating system such as UNIX, and can execute 
each piece of software of the platform 120 and the ap- 
plications 130 concurrently as a process. 
[0050] The process of the SRM 123 is for performing 
control of the system and for performing management 
of resources with the SCS 1 22. The process of the SRM 
123 performs arbitration and execution control for re- 
quests from the upper layer that uses hardware resourc- 
es including engines such as the scanner part and the 
printer part, a memory, a HDD file, a host l/Os (Centro- 
nics l/F, network l/F IEEE1394 l/F, RS232C l/F and the 
like). 

[0051] More specifically, the SRM 123 determines 
whether the requested hardware resource is available 
(whether it is not used by another request), and f when 
the requested hardware resource is available, notifies 
the upper layer that the requested hardware resource is 
available. In addition, the SRM 123 performs scheduling 
for using hardware resources for the requests from the 
upper layer, and directly performs processes corre- 
sponding to the requests (for example, paper transfer 
and image forming by a printer engine, allocating mem- 
ory area, file generation and the like). 
[0052] The process of the SCS 1 22 performs applica- 
tion management, control of the operation part, display 
of system screen, LED display, resource management, 
and interrupt application control. 
[0053] The process of the ECS 1 24 controls engines 
of hardware resources including the white and black la- 
ser printer (B&W LP) 1 01 , the color laser printer (Color 
LP) 1 02, the scanner, and the facsimile and the like. The 
process of the MCS 125 obtains and releases an area 
of the image memory, uses the hard disk apparatus 
(HDD), and compresses and expands image data. 
[0054] The process of the FCS 1 27 provides APIs for 
sending and receiving of facsimile from each application 
layer by using PSTN/ISDN network, registering/refer- 
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ring of various kinds of facsimile data managed by BKM 
(backup SRAM), facsimile reading, facsimile receiving 
and printing, and mixed sending and receiving. 
[0055] The NCS 128 is a process for providing serv- 
ices commonly used for applications that need network 
I/O. The NCS 1 28 distributes dala received from the net- 
work by a protocol lo a corresponding application, and 
acts as mediation between the application and the net- 
work when sending. data to the network. More specifi- 
cally, the process of the NCS 128 includes server dae- 
mon such as ftpd, httpd, Ipd, snmpd, tclnctd, smtpd, and 
client function of tho protocols. 

[0056] The process of the OCS 126 controls an oper- 
ation panel that is a means for transferring information 
between the operator (user) and control parts of the ma- 
chine. In the compound machine 100 of the embodi- 
ment, the OCS 126 includes an OCS process part and 
an OCS function library part. The OCS process part ob- 
tains an key event, which indicates that the key is 
pushed, from the operation panel, and sends a key 
event function corresponding to the key event to the 
SCS 122. The OCS function library registers drawing 
functions and other functions for controlling the opera- 
tion panel, in which the drawing functions are used for 
outputting various images on the operation panel on the 
basis of a request from an application orfrom the control 
service. The OCS function library is dynamically linked 
to the application and each module of the control serv- 
ices. All of the OCS 1 26 can be configured as a process, 
or can be configured as an OCS library. 
[0057] The application 1 30 includes a printer applica- 
tion 111 that is an application for a printer having page 
description language (PDL) and PCL and post script 
(PS), a copy application 112, a fax application 113, a 
scanner application 114 that is an application for a scan- 
ner, a network file application 115, a process check ap- 
plication 116 and the authentication application 117. 
[0058] Interprocess communication is performed be- 
tween a process of the application 130 and a process 
of the control service, in which a function is called, a 
returned value is sent, and a message is sent and re- 
ceived. By using the interprocess communication, user 
services for image forming processes such as copying, 
printing, scanning, and sending facsimile are realized. 
[0059] As mentioned above, the compound machine 
1 00 of the first embodiment includes a plurality of appli- 
cations 1 30 and a plurality of control services, and each 
of those operates as a process. In each process, one or 
more threads are generated and the threads are exe- 
cuted in parallel. The control services provide common 
services to the applications 1 30. User services on image 
formation such as copying, printing, scanning and send- 
ing facsimile are provided while the processes are exe- 
cuted in parallel, the threads are executed in parallel, 
and interprocess communication is performed. A third 
party vendorcan develop applications forthe compound 
machine 100, and can executes the application in an 
application layer on the control service layer in the com- 



pound machine 100. The authentication may be one of 
the applications. 

[0060] In the compound machine 100 of the first em- 
bodiment, although processes of applications 130 and 
s processes of control services operate, the application 
and the control service can be a single process. In ad- 
dition, an application in the applications 130 can be add- 
ed or deleted one by one. 

[0061] Fig. 3 shows an example of a hardware config- 

10 uration of the compound machine 100. 

[0062] The compound machine 100 includes a con- 
troller 160, an operation panel 175, a fax control unit 
(FCU) 1 76, and an engine part 1 77 that is hardware re- 
source such as a printer that is specific for image form- 

15 ing processing. The controller 1 60 includes CPU 1 61 , a 
system memory 162, a north bridge (NB) 163, a south 
bridge (SB) 164, ASIC 166 ; a local memory 167 : HDD 
168, a network interface card (NIC) 169, a SD card slot 
170, a USB device 171, an IEEE1394 device 172, and 

20 a Centronics 173. The memories 162, 167 may includes 
RAMs and/or ROMs, for example. The FCU 1 76 and the 
engine part 177 are connected to the ASIC 166 in the 
controller via a PCI bus 178. The CPU 161 executes 
programs of the application and control services and the 

25 like installed in the compound machine 100 by reading 
data from a RAM. 

[0063] In the following, the user authentication meth- 
od by the compound machine 100 of the first embodi- 
ment will be described. Fig.4 shows data flows in the 
30 user authentication process in the compound machine 
100. Fig.5 is a flowchart of the procedure of the user 
authentication process. 

[0064] According to the compound machine 1 00, after 
the power is turned on, the copy application 112 is 

35 launched first. At that lime, user authentication is per- 
formed. If the authentication succeeds, an initial screen 
of the copy application 112 is displayed on the operation 
display part 1 50a of the operation panel 1 50, so that the 
user can perform copy operations. 

40 [0065] First, the user information input process part 
151 in the authentication application 117 displays the 
user name/password input screen 501 shown in Fig.6 
on the operation display part 150a of the operation panel 

1 50 in step S401 . The screen is displayed by performing 
45 drawing function call to the OCS function library. When 

a key is input from the operation display part 150a, the 
key event of the input key is obtained by the OCS 126, 
and is sent to the user information input process part 

151 of the authentication application 117 via the SCS 
50 122. 

[0066] When the user name and the password are in- 
put from the user name/password input screen 501 , the 
external server communication part 152 of the authen- 
tication application 117 sends the input user name and 
55 an entry search request to the LDAP server 300, so that 
the LDAP server 300 searches for an entry of user name 
in step S402. When the external server communication 
part 152 sends the user name and the entry search re- 
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quest, the inetd 141 launches the httpd 142 and the ht- 
tpd 142 sends the user name and the entry search re- 
quest to the LDAP server via the network controller 1 03. 
The search result is sent to the external server commu- 
nication part 1 52 via the network controller 1 03 and the 
hllpd 142. 

[0067] In Ihe following, Ihe process of slep S402 will 
be described in more detail. Fig. 7 shows the procedure 
of the entry search request process. 
[0068] The external server communication part 1 52 
sets the user ID to the search filter in step S601 . More 
specifically, for example, "user ID = XXXXXX" is set in 
the search filer. 

[0069] Next, in step S602, ldap_init () function is is- 
sued to obtain a session handle to be used operations 
hereinafter. After obtaining the session handle, the ex- 
ternal server communication part 1 52 executes a search 
function for the LDAP server 300. More specifically, 
Idapsearch () function is called by specifying parameters 
in step S603. The parameters are IP address of the des- 
tination LDAP server, destination port, connection au- 
thorization password, search position, the search filter 
set in step S601, and search attribute (password is 
specified). 

[0070] Then , the password corresponding to the user 
ID is searched for, so that the searched password is re- 
ceived from the LDAP server in step S604. Then, finally, 
to release the session handle, ldap_unbind () function 
is called. Then , a series of search request process ends. 
[0071] Next, as shown in Fig.5, the authentication part 
153 of the authentication application 117 determines 
whether the password received from the LDAP server 
300 and the password input by the user are the same 
in step S403. When they are the same, the authentica- 
tion part 153 sends the authentication result "matched" 
to the CCS 129 in step S404. When they are not the 
same, the authentication result "unmatched" to the CCS 
129 in step S405. The CCS 129 that received the au- 
thentication result determines whether the authentica- 
tion result is "matched" in step S406. If the result is 
"matched", it is determined that the user is valid, and the 
copy application 112 can be used by the user. In this 
case, the CCS 129 sends display request of an initial 
screen to the copy application 112 in step S407. Then, 
the copy application 112 displays the initial screen on 
the operation display part 150a on the operation panel 
1 50 in step S408. The CCS 1 29 may send the authen- 
tication result to the copy application. After that, for ex- 
ample, the copy application request the CCS 1 29 to stop 
displaying an authentication screen. 
[0072] When the result is "unmatched", the CCS 1 29 
displays an error message indicating that use of the 
copy application is restricted on the operation display 
part 150a in step S409. Alternatively, the CCS 129 may 
send the authentication result to the application, and the 
application may displays an error message. 
[0073] In this embodiment, the determination whether 
the input password and the received password are the 



same can be performed in the LDAP server. In addition, 
each of the password and the user ID can be input from 
an PC connected to the network instead of inputting 
from the operation panel. 

5 [0074] As mentioned above, according to the com- 
pound machine 100 or the first embodiment, the user 
information input process part 151 of the authentication 
application 117 receives the user ID and the password 
from the user, and the external communication part 152 

io sends the user ID to the LDAP server 300 connected to 
the Internet 1 70. Then, the external server communica- 
tion part 152 receives a password that is searched for 
by the LDAP server 300. Then, the authentication part 
1 53 determines whether the password input by the user 

15 and the password sent from the LDAP server are the 
same, and the determination result is sent to the CCS 
129. Thus, the compound machine does not need to 
have any authentication database in the inside, and the 
load for maintaining the database is decreased. In ad- 

20 dition, since it is not necessary to include the authenti- 
• cation database in each compound machine 100, the 
password is prevented from tampered, and the security 
of the compound machine can be improved. 

25 (Second embodiment) 

[0075] According to the compound machine 100 of 
the first embodiment, a screen for inputting the user 
name and the password is displayed on the operation 

30 panel, and the user ID is sent to the external server on 
the Internet to request a password corresponding to the 
user ID. On the other hand, according to the compound 
machine 700 of the second embodiment, the compound 
machine 700 receives a user name and billing data from 

35 a PC 200 on the Internet, and the compound machine 
700 request billing data from an external server. 
[0076] Fig.8 shows a main configuration of the com- 
pound machine 700 and a network configuration includ- 
ing the compound machine according to the second em- 

40 bodimcnt. Fig. 9 is a block diagram showing a functional 
configuration of the compound machine 700. 
[0077] As shown in Fig.8, the compound machine 700 
of this embodiment is connected to the Internet 170 
which connects a LDAP (Lightweigh Directiry Access 

45 Protocol) sever 300 and a PC 200 as a client terminal. 
TCP/IP is used for the communication protocol for the 
compound machine 700. the LDAP server 300 and the 
PC 200. 

[0078] As a main configuration for realizing use re- 
50 striction of the compound machine 700 in the second 
embodiment, as shown in Fig.8, the compound machine 
700 mainly includes applications such as a billing appli- 
cation 71 7 and a copy application, control services such 
as OCS 126, SCS 122 and CCS 129, inetd 141 and ht- 
55 tpd 1 42, and a network controller, and an operation pan- 
el 150. 

[0079] The LDAP server 300 of this embodiment 
stores password, mail address and billing data for each 
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user name. The billing data are, for example : budget 
(available amount of money), available number of A4 
papers, available number of B5 papers. 
[0080] The PC 200 of this embodiment connects an 
IC card reader 201 for reading an IC card. The IC card 
reader 201 reads a user name and billing data from an 
IC card, and sends the user name and the billing data 
to the compound machine 700. The billing data recorded 
in the IC card are, for example, used amount of money, 
used number of A4 papers, used number of B5 papers 
and the like. 

[0081] The billing application 717 in the compound 
machine 700 performs billing process by using the 
LDAP server 300. The billing application 71 7 includes a 
user information receiving part 751 , an external server 
communication part 752 and billing process part 753. 
[0082] The user information receiving part 751 re- 
ceives the user name and the password from the PC 
200. 

[0083] The external server communication part 752 
sends a user ID input from the operation panel 150 to 
the LDAP server 300. The LDAP server 300 searches 
for billing data corresponding to the user name. Then, 
the external server communication part 752 receives the 
billing data from the LDAP server 300. 
[0084] The billing process part 753 compares the bill- 
ing data received from the LDAP server 300 and the bill- 
ing data receives from the PC 200. Then, the billing 
process part 753 determines whether the billing data re- 
ceives from the PC 200 indicates a value that is within 
a range of a value indicated by the billing data received 
from the LDAP server 300. Then, the billing process part 
753 sends the determination result (within the range, or, 
out of the range) to the CCS 129 by using interprocess 
communication. 

[0085] The CCS (Certificate Control Service) 1 29 is a 
control service for controlling user restriction or billing 
process. According to the compound machine 700 of 
this embodiment, the CCS 129 receives the determina- 
tion result from the billing process part 753. Then, the 
CCS 129 sends information indicating whether to per- 
form use restriction to the copy application 112. Other 
conf iguration of the compound machine 700 is the same 
as that of the first embodiment. 

[0086] Next, use restriction process by the compound 
machine 700 of the second embodiment will be de- 
scribed. Fig. 10 shows data flows in the billing process 
and the use restriction process by the compound ma- 
chine 700. Fig. 11 is a flowchart of the procedure of the . 
use restriction process, 

[0087] When the compound machine 700 receives a 
user name and billing data from the PC 200, the billing 
application 717 is executed in an event-driven manner. 
Then, the billing application 71 7 performs the comparing 
process. If the determination result indicates that the 
use of the copy application 1 1 2 is not restricted, the copy 
application 1 1 2 outputs an initial screen on the operation 
display part of the operation panel 1 50, so that the user 



can perform copy operations. 

[0088] The user information receiving part 751 in the 
billing application 717 receives a user name and billing 
data from the PC 200. More specifically, the user name 

s and the billing data sent by the PC 200 is received by 
Lhe network controller 1004 of the compound machine 
700. Then, lhe user information receiving pari 751 re- 
ceives the user name and the billing data via the NCS 
126. After that, the external server communication part 

10 752 sends the user name and an entry search request 
to the LDAP server 300 : so that the LDAP server 300 
searches for an entry of the user name in step S1 001 . 
The entry search request process by the external server 
communication part 752 is the same as that of the first 

15 embodiment. In this embodiment, Idapsearch function 
is called in which "billing data" is set as the search at- 
tribute. 

[0089] Next, the billing process part 753 of the billing 
application 71 7 compares the billing data received from 
20 the LDAP server 300 and the billing data received from 
the PC 200, and determines whether the billing data re- 
ceived from the PC 200 is within a range of the billing 
data received from the LDAP server 300 in step S1 002. 
When the billing data is within the range, the billing proe- 
ms ess part 753 sends a determination result "within range" 
to the CCS 129 in step S1 003. On the other hand, when 
the billing data is not within the range, a determination 
result "out of range" is sent to the CCS 129 in step 
S1004. 

30 [0090] The CCS 129 that received the result deter- 
mines whether the result is "within range" in step S1 005. 
For example, the CCS 1 29 determines whetherthe used 
amount of money is smaller than the available amount 
of money, or whether used number of papers is less than 

35 available number of papers according to the resull re- 
ceived from the billing application. If the result is "within 
range", the CCS 112 does not restrict use of the copy 
application, so that the user can determine that the com- 
pound machine 700 still can be used. In this case, the 

^0 CCS 129 requests the copy application 112 to display 
an initial screen in step S1006. Then, the copy applica- 
tion 112 that receives the request displays the initial 
screen on the operation display part 150a of the opera- 
tion panel 150 in step S1007. 

45 [0091] On the other hand, when the CCS 129 deter- 
mines that the result is "out of range" in step S1 005, the 
CCS 129 displays an error message on the operation 
panel in step S1008, in which the error message indi- 
cates that the use of the copy application 112 is restrict- 

50 ed. Alternatively, the CCS 129 sends the result "out of 
range" to the copy application 112, and the copy appli- 
cation 112 displays the error message. 
[0092] As mentioned above, according to the com- 
pound machine 700 of the second embodiment, the user 

55 information receiving part 751 receives the user ID and 
the billing data from the PC 200. Then, the external serv- 
er communication part 752 sends the user ID to the 
LDAP server 300. After that, the LDAP server 300 
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searches for billing data corresponding to the user ID, 
and the external server communication part 752 re- 
ceives the searched billing data. Then, the billing proc- 
ess part 753 compares the billing data received by the 
external server communication part 152 and the billing 
dala received by Lhe user information receiving part 751 . 
Then , the billing process part 753 sends the comparison 
result to the CCS 1 29. Therefore, it is not necessary that 
the compound machine includes a billing database, so 
that work load for maintenance of the billing database 
decreases. In addition, since it is not necessary to have 
the billing database in the compound machine, unau- 
thorized tampering with information such as billing data 
can be prevented, so that the security of the compound 
machine 700 improves. 

[0093] Billing for copying can be also performed in the 
following way. In the following example, the billing data 
received from the LDAP server is an available number 
of copies to be made by the user, and the billing data 
read from the IC card is a used number of copies that 
has already been made by the user. 
[0094] As mentioned above, if the used number of 
copies is less than the available number of copies, the 
user can copy a document. In such a case, the billing 
application holds the available number of copies and ttie 
used number of copies. Each time when the compound 
machine copies a document, the copy application is- 
sues a print job to the ECS via the SCS. Then, the ECS 
sends a paper eject completion notification to the billing 
application. When the billing application receives the pa- 
per eject completion notification, the billing application 
increments the used number, and compares the incre- 
mented used number and the available number of cop- 
ies. In addition, the used number is updated in the IC 
card. If Lhe incremented used number is less than the 
available number of copies, the compound machine can 
continue to copy the document. On the other hand, the 
used number reaches the available number, the billing 
application notifies the CCS that the used number 
roaches the available number, and the CCS requests 
the copy application to stop copying. 
[0095] Since the billing application determines wheth- 
er to permit or not to permit use of the copy application 
on the basis of a condition, the billing application can be 
called as an authentication application. 

(Third embodiment) 

[0096] Next, the third embodiment will be described. 
In the first and second embodiment, the user restriction 
is performed by using the authentication application or 
the billing application. According to the compound ma- 
chine of the third embodiment, a plurality of applications 
and/or apparatuses for authentication/billing can be 
used. 

[0097] The whole configuration of the compound ma- 
chine of the third embodiment is almost the same as that 
of Fig.2. The compound machine of the third embodi- 



ment can include a plurality of authentication/billing ap- 
plications. In addition, the compound machine of the 
third embodiment can connect conventional external 
authentication/billing apparatuses such as a key coun- 

5 ter, a coin lack and a key card and the like. 

[0098] Fig. 12 is a figure for explaining the capability 
of the CCS 129 of the third embodiment. In the following 
description, each of the external authentication/billing 
apparatus such as the key card, and the authentication/ 

10 billing application such as those described in the first 
and second embodiment can be referred to as "authen- 
tication/billing system". 

[0099] As shown in Fig. 12, the CCS 129 connects a 
plurality of authentication/billing systems and a plurality 
15 of applications that are covered by the authentication/ 
billing systems. In addition, the CCS 129 manages in- 
formation indicating which authentication/billing system 
is used for which application. The plurality of authenti- 
cation/billing systems may include the external billing 
20 apparatus such as the coin lack and the authentication/ 
billing application such as that described in the first and 
second embodiment. For example, the authentication/ 
billing system 1 may be a new authentication/billing ap- 
plication installed in the compound machine, and the au- 
25 thentication/billing system 2 may be a conventional key 
counter or a key card. 

[0100] Fig.13 shows a software configuration of the 
CCS 129. The CCS 129 of the third embodiment in- 
cludes a main control part 1 291 , a user code part 1 292, 
30 a key counter part 1293, an external authentication/bill- 
ing system part 1294 and an extended authentication/ 
billing system part 1295 and a device interface part 
1296. 

[0101] The main control part 1291 controls the whole 
35 process of the CCS 1 29. The user code part 1 292 is for 
user authentication by using user ID. The authentication 
itself is performed by an application or a control service 
such as SCS. The user code part 1292 manages setting 
information indicating that which applications use the 
-to user code authentication. In addition, the user code part 
1 292 obtains an authentication result, sends the authen- 
tication result to the main control part 1291. The key 
counter part 1 293 is used when authentication/billing is 
performed by the key counter. The external authentica- 
45 tion/billing system part 1294 is used when authentica- 
tion/billing is performed by using an external authenti- 
cation/billing apparatus such as the key card and the 
coin lack and the like. The extended authentication/bill- 
ing system part 1 295 is used when authentication/billing 
50 is performed by using an authentication/billing system 
such as that described in the first and second embodi- 
ment. Like the user code part 1292, each of the parts 
1293-1295 manages setting information indicating tar- 
get applications, obtains authentication result, and 
55 sends the result to the main control part 1 291 . The CCS 
129 can be also configured such that the main control 
part 1291 refers to information indicating which authen- 
tication/billing system covers which application. 
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[0102] The CCS 129 shown in Fig. 13 is one example. 
More authentication/billing system parts can be provid- 
ed according to connected authentication/billing appa- 
ratuses and authentication billing applications to be 
used. 

[0103] The device interface part 1296 is used Tor con- 
necting the exlernal authenlicalion/billing apparatus 
such as the key card, the coin lack and the like to the 
CCS 129. For example, by using code shown in Fig. 14, 
the device' interface part 1296 detects insert of a card 
into the external apparatus, roads authentication result 
information from the apparatus, and sends an instruc- 
tion to the main control part 1291 . For example, in a case 
when the authentication result is "OK", the instruction 
may be an instruction for instructing the main control 
part 1291 to permit all applications' to operate normally. 
[0104] Next, setting for associating authentication/ 
billing systems with applications to be covered by the 
authentication/billing systems will be described. By per- 
forming the setting, it is determined which application is 
covered by which authentication/billing system. 
[01 05] Figs. 1 5-1 8 shows examples of setting screens 
shown on the operation panel of the compound ma- 
chine. The screens may be displayed by the CCS 129. 
The screens can be also displayed by the SCS 1 22 by 
exchanging information for display between the SCS 
1 22 and the CCS 1 29. In the following example, the CCS 
129 displays the screen. 

[0106] First, as shown in Fig. 15, a list of usable au- 
thentication/billing systems is displayed. In the figure, 
the button "external billing apparatus management" is 
used for making settings for apparatuses such as the 
coin lack and key card and the like. The button "extend- 
ed authentication/billing system 1 management" is used 
for making sellings for new aulhenlicalion/billing appli- 
cations. By pushing "Next" button, another systems 
such as "extended authentication/billing system 2 man- 
agement" can be displayed. 

[0107] In the screen shown in Fig. 15, when "extended 
authentication/billing system 1 management" is select- 
ed, a screen shown in Fig. 16 is displayed. In addition, 
by pushing "Next page", future new applications can be 
shown as shown in Fig.1 7. In the screen shown in Figs. 
16 and 17, one or more applications for which the se- 
lected authentication/billing system 1 performs authen- 
tication/billing are selected. In the screen of Figs. 1 6 and 
17, one or more functions in an application can be se- 
lected. For example, when "full color" is selected in the 
copy application, authentication/billing operation is per- 
formed by the extended authentication/billing system 1 
only when the user uses the full color function of the 
copy application. 

[0108] The setting information set from the above- 
mentioned screens are stored in a storage as informa- 
tion shown in Fig. 18. According to the setting shown in 
Fig. 18, use restriction process is performed by the ex- 
tended authentication/billing system 1 when color capa- 
bility of application 1 is used. As to application 2, use 



restriction process is performed when the application 2 
is used. 

[0109] When the application 1 is used, for example, 
information indicating that a color capability of the ap- 

s plication 1 will be used is sent to the CCS 129 from the 
application 1. Then, the CCS 129 refers to information 
shown in Fig. 18 so as to determine whether the color 
capability of the application 1 is a target for an authen- 
tication/billing system. Then, if the CCS 1 29 finds an au- 

10 thentication/billing system that covers the color capabil- 
ity of the application 1 , the CCS 129 instruct the found 
authentication/billing system to operate for the applica- 
tion 1 . 

[0110] For example, in a state in which setting to use 

15 the authentication/billing system 1 for the function 1 of 
the application 1 is already done, if the user further 
makes setting to use the authentication/billing system 2 
for the function 1 of the application 1, the CCS 129 may 
display a screen for inputting relationship between the 

20 authentication/billing system 1 and the authentication/ 
- billing system 2 at the time when the setting for the au- 
thentication/billing system 2 is made, and the CCS 129 
may record the relationship. For example, setting can 
be made in which the function 1 of the application 1 will 

25 be permitted if either one of authentication by the system 
1 or the system 2 succeeds. Also, setting can be made 
in which use of the function 1 of the application 1 will be 
permitted only if authentication by both of the system 1 
and the system 2 succeeds. 

30 [01 1 1 ] In addition to the screens shown in Figs. 1 6-1 8, 
screens shown in Figs. 19-20 can be displayed. In this 
case, for example, if the extended authentication/billing 
system 1 is selected in the screen of Fig. 15, a screen 
shown in Fig. 19 will be displayed. In the screen, "setting 

35 by selecting Tunction of application" or "selling by select- 
ing application" is selected. 

[0112] If "setting by selecting function of application" 
is selected, screens same as those shown in Figs. 16 
and 17 are displayed, and the settings can be made 

40 same similarly. 

[0113] If "setting by selecting application" is selected, 
a screen shown in Fig.20 is displayed. In this screen, 
when an application is selected, the corresponding au- 
thentication/billing application operates for any capabil- 

45 ity of the application. For the setting shown in Fig.20, 
information shown in Fig. 21 is recorded, for example. 
The CCS 129 refers to the table, so that the CCS 129 
operates an authentication/billing application for the 
corresponding application that is going to be used by 

50 the user. For example, when one of the copy application 
or the application 1 is going to be used, the authentica- 
tion/billing system 1 operates, so that authentication is 
performed and the authentication result is sent to the 
application via the CCS. 

55 [0114] The above-mentioned examples are for select- 
ing one or more applications for an authentication/billing 
system. In addition, setting can be made for selecting 
one or more authentication/billing systems for one ap- 
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plication. Examples of screens for this case are shown 
in Figs.22-23. 

[0115] First, a screen shown in Fig.22 is displayed. In 
the screen, for example, if an application 1 is selected, 
a screen shown in Fig.23 is displayed. The authentica- s 
lion/billing system selected in this screen is applied to 
the application 1. Further, a plurality or authentication/ 
billing systems can be selected. As for selecting a plu- 
rality of authentication/billing systems, AND setting can 
be made in which, only if authentication of every authen- 10 
tication/billing system succeeds, the result "OK" is sent 
to the application. In addition, OR setting can be made 
in which, if authentication of one of the authentication/ 
billing systems succeeds, the result "OK" is sent to the 
application. For making such settings, for example, after *5 
the user selects an authentication/billing system, the us- 
er pushes AND or OR button. After that, the user further 
selects an authentication/billing system. As a result, 
AND or OR relationship can be set between the authen- 
tication/billing system selected firstly and the authenti- 20 
cation/billing system selected secondly, in this case, for 
example, information such as "authentication system 1 
AND authentication system 2" is recorded with the cor- 
responding application. Then, the CCS 1 29 refers to this 
information so as to operate both of the authentication/ 25 
billing systems for the corresponding application. Then, 
only when both of authentication results are OK, the 
CCS 129 sends a result "OK" to the corresponding ap- 
plication. Then, the application can operate. 
[0116] Depending on the specification of an applica- 30 
tion. there may be a case in which an authentication/ 
billing system can not be used by the application. There- 
fore, before displaying the screen of Fig.23, the appli- 
cation may notify the CCS 1 29 of applicable authentica- 
tion/billing systems. On the basis of the notification, the 35 
CCS 129 may display a screen indicating authentica- 
tion/billing systems applicable to the application. 
[01 1 7] The operation of the CCS 1 29 when an authen- 
tication/billing system operates is similar to that in the 
first and second embodiment. In the third embodiment, -*o 
the CCS 129 refers to the above-mentioned setting in- 
formation. In addition, the CCS 129 can receive authen- 
tication results from a plurality of authentication/billing 
systems. When all of the results indicate "OK", the CCS 
1 29 can send the result "OK" to one or more applications 45 
according to the setting information. In addition, accord- 
ing to the setting information, the CCS 1 29 can send the 
result "OK" to one or more applications when one of the 
results indicates "OK". 

[01 1 8] As described in the first embodiment, the CCS 50 
129 may request an authentication/billing application to 
display an authentication screen for restricting operation 
of an target application that is launched when the power 
of the compound machine is turned on. In addition, the 
CCS 129 may detect an application change request, 55 
and may request an authentication/billing application to 
display an authentication screen for restricting the use 
of the changed application. When AND relationship is 



set among a plurality of authentication/billing applica- 
tions, for example, authentication of the authentication/ 
billing applications may be performed in turn. 
[0119] The present invention is not limited to the spe- 
cifically disclosed embodiments, and variations and 
modifications may be made without departing from the 
scope of the present invention. 

Claims 

1. An image forming apparatus in which a plurality of 
applications can be installed, the image forming ap- 
paratus comprising: 

a use control part for receiving one or more au- 
thentication results from one or more authenti- 
cation parts, and controlling use restriction for 
one or more applications according to the re- 
ceived one or more authentication results. 

2. The image forming apparatus as claimed in claim 
1 , wherein the use control part refers to information 
indicating one or more authentication parts that cor- 
respond to an application, causes the one or more 
authentication parts to perform authentication proc- 
ess when the application is used, and sends an au- 
thentication result to the application. 

3. The image forming apparatus as claimed in claim 
1 , wherein the use control part refers to information 
indicating one or more applications that correspond 
to an authentication part, and sends an authentica- 
tion result of the authentication part to an applica- 
tion in the one or more applications when the appli- 
cation is used. 

4. The image forming apparatus as claimed in any one 
of the preceding claims, wherein the use control 
part includes a part for controlling use restriction for 
a function of the application. 

5. The image forming apparatus as claimed in any one 
of the preceding claims, wherein the use control 
part sends an authentication result indicating suc- 
cess of authentication to the one or more applica- 
tions only when authentication by all of the one or 
more authentication parts succeeds. 

6. The image forming apparatus as claimed in any one 
of claims 1 to 4, wherein the use restriction part 
sends an authentication result indicating success of 
authentication to the one or more applications when 
authentication by at least one authentication part in 
the one or more authentication parts succeeds. 

7. The image forming apparatus as claimed in any one 
of the preceding claims, wherein each of the one or 
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more authentication part is an application or an ap- 
paratus connected to the image forming apparatus. 

8. The image forming apparatus as claimed in any one 
of the preceding claims, wherein the authentication 
parL performs authentication by using user authen- 
tication information input by a user and user authen- 
tication information registered beforehand. 

9. The image forming apparatus as claimed in any one 
of the preceding claims, wherein the authentication 
part performs authentication by using billing infor- 
mation input by a user and available billing informa- 
tion registered beforehand. 

10. The image forming apparatus as claimed in any one 
of the preceding claims, the image forming appara- 
tus further comprising hardware resources used for 
image forming processes, and control services that 
perform processes of the system side including 
control of the hardware resources, 

wherein the image forming apparatus is con- 
figured so as to be able to install a plurality of appli- 
cations separately from the control services, and 
the image forming apparatus includes the use con- 
trol part as a control service. 

1 1 . The image forming apparatus as claimed in any one 
of the preceding claims, the authentication part 
comprising: 

a user information input part for a user to input 
user identification information and user authen- 
tication information; 

an external server communication part for 
sending the user identification information input 
by the user to an external server, and receiving 
user authentication information corresponding 
to the user identification information from the 
external server; and 

a part for determining whether the user authen- 
tication information received from the external 
server is the same as the user authentication 
information input by the user, and sending a de- 
termination result to the use control part. 

1 2. The image forming apparatus as claimed in any one 
of the preceding claims, the authentication part 
comprising: 



formation corresponding to the user identifica- 
tion information from the external server; 
a billing process part for comparing the first bill- 
ing information received from the client terminal 
5 with the second billing information received 

from the external server, and sends a compar- 
ing result to the use control part. 

13. The image forming apparatus as claimed in claim 
10 1 2, wherein the client terminal reads the user iden- 
tification information and the first billing information 
from an external recording medium, and the user 
information receiving part receives the user identi- 
fication information and the first billing information 

15 from the client terminal. 

14. The image forming apparatus as claimed in claim 
1 1 , claim 1 2 or claim 1 3, wherein the external server 
is a LDAP server on a network. 

20 

15. A use control method for an application in an image 
forming apparatus in which a plurality of applica- 
tions can be installed, the use control method com- 
prising: 

25 

a use control step for receiving one or more au- 
thentication results from one or more authenti- 
cation parts, and controlling use restriction for 
one or more applications according to the re- 
30 ceived one or more authentication results. 

16. The use control method as claimed in claim 15, 
wherein the image forming apparatus refers to in- 
formation indicating one or more authentication 

35 parts that correspond to an application, causes the 
one or more authentication parts to perform authen- 
tication process when the application is used, and 
sends an authentication result to the application. 

40 17. The use control method as claimed in claim 15, 
wherein the image forming apparatus refers to in- 
formation indicating one or more applications that 
correspond to an authentication part, and sends an 
authentication result of the authentication part to an 
45 application in the one or more applications when the 
application is used. 

18. The use control method as claimed in any one of 
claims 15 to 17, wherein the image forming appa- 
ratus controls use restriction for a function of an ap- 
plication. 

19. The use control method as claimed in any one of 
claims 15 to 18, wherein the image forming appa- 
ratus sends an authentication result indicating suc- 
cess of authentication to the one or more applica- 
tions only when authentication by all of the one or 
more authentication parts succeeds. 



a user information receiving part for receiving, 
from a client terminal, user identification infor- 
mation and' first billing information indicating 
usage of the image forming apparatus by a us- 
er; 55 
an external server communication part for 
sending the user identification information to an 
external server, and receiving second billing in- 
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20. The use control method as claimed in any one of 
claims 15 to 18, wherein the image forming appa- 
ratus sends an authentication result indicating suc- 
cess of authentication to the one or more applica- 
tions when authentication by at least one authenti- 
cation part in Ihe one or more authentication parts 
succeeds. 

21. The use control method as claimed in any one of 
claims 15 to 20, wherein each of the one or more 
authentication part is an application or an apparatus 
connected to the image forming apparatus. 

22. The use control method as claimed in any one of 
claims 1 5 to 21 . wherein the authentication part per- 
forms authentication by using user authentication 
information input by a user and user authentication 
information registered beforehand. 

23. The use control method as claimed in any one of 
claims 1 5 to 22. wherein the authentication part per- 
forms authentication by using billing information in- 
put by a user and available billing information reg- 
istered beforehand. 

24. The use control method as claimed in any one of 
claims 15 to 23, the image forming apparatus fur- 
ther comprising hardware resources used for image 
forming processes, and control services that per- 
form processes of the system side including control 
of the hardware resources, 

wherein the image forming apparatus is con- 
figured so as to be able to install a plurality of appli- 
cations separately from the control services, and 
the use control step is performed by a control serv- 
ice. 

25. The use control method as claimed in any one of 
claims 1 5 to 24, the authentication part comprising: 

a user information input part for a user to input 
user identification information and user authen- 
tication information; 

an external server communication part for 
sendingthe user identification information input 
by the user to an external server, and receiving 
user authentication information corresponding 
to the user identification information from the 
external server; and 

a part for determining whether the user authen- 
tication information received from the external 
server is the same as the user authentication 
information input by the user. 

26. The use control method as claimed in any one of 
claims 1 5 to 25, the authentication part comprising: 

a user information receiving part for receiving, 



from a client terminal, user identification infor- 
mation and first billing information indicating 
usage of the image forming apparatus by a us- 
er; 

5 an external server communication part for 

sending the user identification information to an 
external server, and receiving second billing in- 
formation corresponding to the user identifica- 
tion information from the external server; 

10 a billing process part for comparing the first bill- 

ing information received from the client terminal 
with the second billing information received 
from the external server. 

15 27. The use control method as claimed in claim 26, 
wherein the client terminal reads the user identifi- 
cation information and the first billing information 
from an external recording medium, and the user 
information receiving part receives the user identi- 
fication information and the first billing information 
from the client terminal. 

28. The use control method as claimed in claim 25, 
claim 26 or claim 27, wherein the external server is 
LDAP server on a network. 

29. An image forming apparatus in which a plurality of 
applications can be installed, the image forming ap- 
paratus comprising: 

a display part for displaying a screen, on ah op- 
eration panel of the image forming apparatus, 
for selecting one or more applications for an au- 
thentication part, in which user authentication 
by the authentication part is applied to use of 
the one or more applications; and 
a use control part for receiving an authentica- 
tion result from the authentication part, and 
controlling use restriction for the one or more 
applications according to the authentication re- 
sult. 

30. The image forming apparatus as claimed in claim 
29, wherein information input from the screen is 
stored in the image forming apparatus as informa- 
tion indicating the one or more applications corre- 
sponding to the authentication part. 

31. The image forming apparatus as claimed in claim 
29 or claim 30, wherein the display part displays a 
screen for selecting one or more functions of an ap- 
plication to which user authentication by the authen- 
tication part is applied. 

32. An image forming apparatus in which a plurality of 
applications can be installed, the image forming ap- 
paratus comprising: 
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a display part for displaying a screen, on an op- 
eration panel of the image forming apparatus, 
for selecting one or more authentication parts 
for an application, in which user authentication 
by the one or more authentication parts can be 5 
applied to use of the application; and 
a use control part for receiving one or more au- 
thentication results from the one or more au- 
thentication parts, and controlling use restric- 
tion for the application according to the one or 10 
more authentication results. 

33. The image forming apparatus as claimed in claim 
32, wherein information input from the screen is 
stored in the image forming apparatus as informa- 15 
tion indicating the one or more authentication parts 
corresponding to the application. 

34. The image forming apparatus as claimed in claim 

32 or claim 33, wherein the display part displays a 20 
screen for setting relationship among the one or 
more authentication parts. 

35. The image forming apparatus as claimed in any one 

of claims 32 to 34, wherein the display part displays 25 
a screen for setting information indicating that user 
authentication for use of the application succeeds 
only if authentication by all of the one or more au- 
thentication parts succeeds. 

30 

36. The image forming apparatus as claimed in any one 
of claims 32 to 34, wherein the display part displays 
a screen for setting information indicating that user 
authentication for use of the application succeeds 

if authentication by al least one of the one or more 35 
authentication parts succeeds. 

37. The image forming apparatus as claimed in any one 
of claims 29 to 36, wherein the authentication part 
performs authentication by using user authentica- *o 
tion information input by a user and user authenti- 
cation information registered beforehand. 

38. The image forming apparatus as claimed in any one 

of claims 29 to 37, wherein the authentication part 45 
performs authentication by using billing information 
input by a user and available billing information reg- 
istered beforehand. 



the image forming apparatus includes the use con- 
trol part and the display part as a control service. 

40. A use control method for an application in an image 
forming apparatus in which a plurality of applica- 
tions can be installed, the use control method com- 
prising: 

a display step for displaying a screen, on an op- 
eration panel of the image forming apparatus, 
for selecting one or more applications for an au- 
thentication part, in which user authentication 
by the authentication part is applied to use of 
the one or more applications; and 

a use control step for receiving an au- 
thentication result from the authentication part, 
and controlling use restriction for the one or 
more applications according to the authentica- 
tion result. 

41. The use control method as claimed in claim 40, 
wherein information input from the screen is stored 
in the image forming apparatus as information indi- 
cating the one or more applications corresponding 
to the authentication part. 

42. The use control method as claimed in either claim 
40 or claim 41 , wherein the image forming appara- 
tus displays a screen for selecting one or more func- 
tions of an application to which user authentication 
by the authentication part is applied. 

43. A use control method for an application in an image 
forming apparatus in which a plurality of applica- 
tions can be installed, the use control method com- 
prising: 

a display step for displaying a screen, on an op- 
eration panel of the image forming apparatus, 
for selecting one or more authentication parts 
for an application, in which user authentication 
by the one or more authentication parts can be 
applied to use of the application; and 
a use control step for receiving one or more au- 
thentication results from the one or more au- 
thentication parts, and controlling use restric- 
tion for the application according to the one or 
more authentication results. 



39. The image forming apparatus as claimed in any one 
of claims 29 to 38, the image forming apparatus fur- 
ther comprising hardware resources used for image 
forming processes, and control services that per- 
form processes of the system side including control 
of the hardware resources, 

wherein the image forming apparatus is con- 
figured so as to be able to install a plurality of appli- 
cations separately from the control services, and 



44. The use control method as claimed in claim 43, 
wherein information input from the screen is stored 
in the image forming apparatus as information indi- 
cating the one or more authentication parts corre- 
sponding to the application. 

45. The use control method as claimed in any one of 
claims 40 to 44, wherein the image forming appa- 
ratus displays a screen for setting relationship 
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among the one or more authentication parts. 

46. The use control method as claimed in any one of 
claims 40 to 45, wherein the image forming appa- 
ratus displays a screen for setting information indi- 5 
eating thai user authentication for use of Lhe appli- 
cation succeeds only if auLhenLicalion by all of the 
one or more authentication parts succeeds. 

47. The use control method as claimed in any one of 10 
claims 40 to 45, wherein the imago forming appa- 
ratus displays a screen for setting information indi- 
cating that user authentication for use of the appli- 
cation succeeds if authentication by at least one of 

the one or more authentication parts succeeds. 15 

48. The use control method as claimed in any one of 
claims 40 to 47, wherein the authentication part per- 
forms authentication by using user authentication 
information input by a user and user authentication 20 
information registered beforehand. 

49. The use control method as claimed in any one of 
claims 40 to 48. wherein the authentication part per- 
forms authentication by using billing information in- 25 
put by a user and available billing information reg- 
istered beforehand. 

50. The use control method as claimed in any one of 
claims 40 to 49, the image forming apparatus fur- so 
ther comprising hardware resources used for image 
forming processes, and control services that per- 
form processes of the system side including control 

of the hardware resources, 

wherein the image forming apparatus is con- 35 
figured so as to be able to install a plurality of appli- 
cations separately from the control services, and 
the display step and the use control step are per- 
formed by a control service. 

40 

51. A computer program having program code means 
that, when executed on a computer system, in- 
structs a computer system to carry out the steps ac- 
cording to any one of claims 15 to 28 or 40 to 50. 

45 

52. A computer readable storage medium having re- 
corded thereon program code meansthat, when ex- 
ecuted on a computer system, instructs a computer 
system to carry out the steps according to any one 

of claims 1 5 to 28 or 40 to 50. so 
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FIG. 14 
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